Automation Engineer - Identity Access Management team

São Leopoldo - RS
Permanente
Período integral

Há 8 dias

We help the world run betterAt SAP, we enable you to bring out your best. Our company culture is focused on collaboration and a shared passion to help the world run better. How? We focus every day on building the foundation for tomorrow and creating a workplace that embraces differences, values flexibility, and is aligned to our purpose-driven and future-focused work. We offer a highly collaborative, caring team environment with a strong focus on learning and development, recognition for your individual contributions, and a variety of benefit options for you to choose from.About the RoleWe're looking for an experienced IAM Automation Engineer to lead the design, implementation, and management of automated identity and access infrastructure across AWS, GCP, and hybrid environments. You'll work hands-on with Okta, Active Directory (AD), and LDAP, while building scalable, auditable workflows using Infrastructure as Code, automated secrets and certificate management, and modern scripting languages like Python, Bash, and PowerShellKey Responsibilities:

Build and maintain Infrastructure as Code (IaC) for IAM systems using Terraform, Ansible, and CloudFormation.
Automate IAM lifecycle events (provisioning, deprovisioning, role and group management) across Okta, Active Directory, and LDAP.
Create and maintain automated workflows using Python, PowerShell, and Bash to support IAM pipelines and cloud-native functions (e.g., AWS Lambda).
Manage automated secrets rotation and certificate lifecycle using tools like AWS Secrets Manager, ACM, Vault, or Certbot.
Integrate with CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab) for continuous deployment of IAM and security configurations.
Orchestrate event-driven automation that reacts to identity lifecycle events and aligns with zero trust and least privilege principles.
Connect IAM workflows with ticketing systems such as ServiceNow and Jira, enabling self-service and audit logging.
Collaborate with cross-functional teams to ensure IAM automation aligns with security, compliance, and operational goals

Required Qualifications:

3-5+ years of experience in IAM, DevSecOps, or infrastructure automation roles.
Solid hands-on experience with Okta, Active Directory, and OpenLDAP in cloud or hybrid environments.
Strong automation experience using Terraform, Ansible, and CloudFormation.
Proven scripting ability in Python, Bash, and PowerShell (you should be comfortable switching between them as needed).
Experience with AWS services (IAM, Lambda, Secrets Manager, ACM) and GCP IAM tools.
Familiarity with CI/CD pipelines and Git-based version control.
Integration experience with ServiceNow, Jira, or other ITSM platforms.
Working knowledge of IAM best practices: RBAC, ABAC, SSO, JIT access, and audit controls

Preferred Qualifications:

Experience automating certificate lifecycle management using tools like Certbot, Venafi, Smallstep, or Vault PKI.
Familiarity with federated identity protocols (SAML, OIDC), SCIM provisioning, and SSO integrations.
Knowledge of secrets rotation, zero standing privilege, and identity governance best practices.
Experience writing modular automation code for reuse across cloud environments or business units.

Bring out your bestSAP innovations help more than four hundred thousand customers worldwide work together more efficiently and use business insight more effectively. Originally known for leadership in enterprise resource planning (ERP) software, SAP has evolved to become a market leader in end-to-end business application software and related services for database, analytics, intelligent technologies, and experience management. As a cloud company with two hundred million users and more than one hundred thousand employees worldwide, we are purpose-driven and future-focused, with a highly collaborative team ethic and commitment to personal development. Whether connecting global industries, people, or platforms, we help ensure every challenge gets the solution it deserves. At SAP, you can bring out your best.We win with inclusionSAP's culture of inclusion, focus on health and well-being, and flexible working models help ensure that everyone - regardless of background - feels included and can run at their best. At SAP, we believe we are made stronger by the unique capabilities and qualities that each person brings to our company, and we invest in our employees to inspire confidence and help everyone realize their full potential. We ultimately believe in unleashing all talent and creating a better and more equitable world.
SAP is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to the values of Equal Employment Opportunity and provide accessibility accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with SAP and are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to Recruiting Operations Team: Careers@sap.com
For SAP employees: Only permanent roles are eligible for the SAP Employee Referral Program, according to the eligibility rules set in the . Specific conditions may apply for roles in Vocational Training.EOE AA M/F/Vet/Disability:Qualified applicants will receive consideration for employment without regard to their age, race, religion, national origin, ethnicity, age, gender (including pregnancy, childbirth, et al), sexual orientation, gender identity or expression, protected veteran status, or disability.
Successful candidates might be required to undergo a background verification with an external vendor.Requisition ID: 431895 | Work Area: Software-Development Operations | Expected Travel: 0 - 10% | Career Status: Professional | Employment Type: Regular Full Time | Additional Locations: #LI-Hybrid.Requisition ID: 431895Posted Date: Aug 8, 2025Work Area: Software-Development OperationsCareer Status: ProfessionalEmployment Type: Regular Full TimeExpected Travel: 0 - 10%Location:São Leopoldo, BR, 93022-718Job alert

SAP

Candidatar-se